PT-2026-42129 · Nlnet+3 · Unbound+3
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NLnet Labs Unbound versions prior to 1.25.1
Description
An issue exists in the jostle logic that can degrade resolution performance. When the
num-queries-per-thread limit is reached, the jostle logic identifies slow-resolving queries for replacement. However, duplicate queries for the same resolution effort update the timestamp to the latest request rather than maintaining the original start time. This skews the aging process, preventing the system from correctly identifying and replacing aged queries. An attacker capable of querying the system and controlling a slow or malicious domain name server can exploit this to degrade performance, potentially leading to a denial of resolution service. Cache and local data response performance are not affected.Recommendations
Update to version 1.25.1.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Freebsd
Linuxmint
Ubuntu
Unbound